Intel Stratix 10 SoC UEFI Boot Loader User Guide
1. Overview
- The boot ROM
- The secure device manager (SDM)
- The Secure Monitor
- The UEFI boot loader
The Intel Stratix 10 SoC secure boot flow ensures that the system boot loader is signed with a cryptographic key, validated by the firmware.
The Secure Monitor stage also implements the TrustZone* model of secure partitioning. This model divides the software environment into two isolated partitions, called the secure world and the non-secure world. The two worlds can only communicate with each other through the Secure Monitor.
The binary image of the UEFI boot loader can be stored on Quad SPI flash SD/MMC card. On board power-up, the secure device manager (SDM) loads the Secure Monitor directly onto Hard Processor System (HPS) on-chip RAM. Then the Secure Monitor loads the UEFI boot loader in HPS DDR memory.
- Initializing DDR SDRAM memory
- Configuring low level hardware, such as PLL, IOs, and pin MUXes, needed by nonsecure world software
- Providing Ethernet support
- Supporting basic hardware diagnostic features
- Fetching subsequent boot software such as the operating system package or kernel image.
2. System Requirements
2.1. Minimum Hardware Requirements
- Linux
workstation with the following configuration:
- Serial terminal, such as Minicom for Linux
- microSD card slot or microSD card writer or SD capable writer with SD to microSD converter
Table 1. Platform Capabilities Linux Able to compile the UEFI boot loader Yes Able to compile the Secure Monitor Yes
2.2. Minimum Software Requirements
- Intel® SoC FPGA Embedded Development Suite (SoC EDS) v18.1 and above
- Linaro aarch64-linux-gnu-gcc toolchain
3. Getting Started
3.1. Installing Software Components
3.1.1. Installing the Intel SoC EDS
Download the Intel SoC EDS from the Download Center for FPGAs.
3.1.2. Installing the Compiler Toolchain
- Linux: gcc-arm-8.3-2019.03-x86_64-aarch64-linux-gnu.tar.xz
3.2. Building the Secure Monitor
As security becomes more and more important, a secured boot solution becomes a requirement in the embedded world. To ensure comprehensive security and a trusted platform, secure partitioning is required. The Intel Stratix 10 device achieves secure partitioning by implementing the TrustZone model with Arm* Trusted Firmware (ATF). The TrustZone model splits the computing environment into two isolated worlds, the secure world and normal world, which are linked by a software monitor called the Secure Monitor. The two worlds have separated logical address space and peripherals. Communication between the two worlds is only possible by calling the privileged Secure Monitor call (SMC) instruction.
- BootRom
- Secure Device Manager
- Secure Monitor
- Uboot/UEFI
- Hypervisor
- OS
Secure Monitor mode is a privileged mode and is always secure regardless of the state of the NS bit. The Secure Monitor is code that runs in Secure Monitor mode and processes switches to and from the Secure world. The overall security of the software relies on the security of this code along with the Secure boot code.
3.2.1. User Configuration
You can find all platform configurations in arm-trusted-firmware/plat/intel/soc/stratix10/include/socfpga_plat_def.h.
For user configuration, you must modify the boot sources based on your preferences. You select BOOT_SOURCE_SDMMC if boot from SDMMC or select BOOT_SOURCE_QSPI if boot from QSPI.
#define BOOT_SOURCE BOOT_SOURCE_SDMMC
3.2.2. Getting the Arm Trusted Firmware Source Code
The ATF source is at GitHub. To get the ATF source code, simply run the following steps:
- Open a terminal.
- Create a new directory to check out the ATF source code from GitHub.
-
Change to this working directory and clone the ATF source from the
Git trees as follows:
$ git clone https://github.com/altera-opensource/arm-trusted-firmware
-
When completed, change to the arm-trusted-firmware folder and perform a Git check out as
follows:
$ cd arm-trusted-firmware $ git checkout socfpga_v2.1
3.2.3. Building the ATF
This section describes how to build the ATF with the Linaro GCC compiler.
To start building the ATF with the Linaro GCC compiler, simply run the following steps:
- Change your directory to the ATF source code location as
follows:
$ cd arm-trusted-firmware
- Set the GCC path and environment variable CROSS_COMPILE to Linaro cross compile as
follows:
export PATH=<your gcc directory>/\ gcc-arm-8.3-2019.03-x86_64-aarch64-linux-gnu/bin/:$PATH $ export ARCH=arm64 $ export CROSS_COMPILE=aarch64-linux-gnu-
- Remove the build tree completely as
follows:
$ make realclean
- Build the ATF by using the following
command:
$ make PLAT=stratix10 bl2 bl31
- The following messages appear when the ATF build is successful:
- The table below lists the Secure Monitor output files.
Table 2. Descriptions of Secure Monitor Files File Path and Name
Description
\build\stratix10\release\bl31.bin Generated binary file
\build\stratix10\release\bl31\bl31.elf Generated elf file
\build\stratix10\release\bl2.bin Generated binary file
\build\stratix10\release\bl2\bl2.elf Generated elf file
3.3. Building the UEFI Boot Loader
The Unified Extensible Firmware Interface (UEFI) is a standardized firmware specification that simplifies and secures platform initialization and firmware bootstrap operations. UEFI is currently developed and supported by representatives from more than 250 industry-leading technology companies. Arm* and the Linaro Enterprise Group are also promoting the use of UEFI on Arm* architecture, because the UEFI specification helps standardize the boot process for Arm* processor-based platforms.
UEFI technology is future-proofed through standardization of firmware design rather than proprietary firmware design. UEFI specifications promote business and technological efficiency, improve performance and security, facilitate interoperability between devices, platforms and systems and comply with next-generation technologies. The UEFI specification is peer-reviewed and published, allowing developers to write firmware once per platform and reuse it without much modification. This reuse results in cost and time savings during boot loader development.
This framework uses the BSD license, permitting you to optionally commercialize your implementation with minimal legal issues.
You can compile the UEFI source code either in a Windows or in a Linux system.
3.3.1. Prerequisites
Building the UEFI requires additional Linux packages. Depending on your Linux distribution, the command to install the packages is different:
If you are using a Ubuntu distribution, type:
$ sudo apt-get install uuid-dev build-essential
If you using a Fedora distribution, type:
$ sudo yum install uuid-devel libuuid-devel
For building UEFI, the Python package is required. If Python is not already available on your system, running the commands from the SoC EDS Embedded Command Shell provides the required Python dependency.
3.3.2. Obtaining the UEFI Source Code
The UEFI source code is located in GitHub. The following steps show you how to get the UEFI source code.
- Open a terminal.
-
Clone
the UEFI source from the
Git
trees.
$ git clone https://github.com/altera-opensource/uefi-socfpga edk2
-
When completed, change to the edk2 folder and perform a Git check out.
$ cd edk2 $ git checkout socfpga_udk201905
3.3.3. Obtaining the edk2 Platform Source Code
$ git clone https://github.com/altera-opensource/edk2-platforms-socfpga edk2-platforms
$ cd edk2-platforms
$ git checkout socfpga_udk201905
3.3.4. Compiling the UEFI Source Code with the Linaro Tool Chain
This section explains how to compile the UEFI source code with the Linaro toolchain in a Linux system:
-
Open a terminal and enter the following command:
$ cd <your directory that contain edk2 and edk2-platforms> $ export PATH=<your gcc directory>/\ gcc-arm-8.3-2019.03-x86_64-aarch64-linux-gnu/bin/:$PATH $ export CROSS_COMPILE= aarch64-linux-gnu- $ export ARCH=arm64 $ export GCC48_AARCH64_PREFIX=aarch64-linux-gnu-
-
Set up the EDK_TOOLS_PATH:
$ export EDK_TOOLS_PATH=$PWD/edk2/BaseTools
-
Set up the a PACKAGES_PATH to point to the location of the
repositories:
$ export PACKAGES_PATH= $PWD/edk2:$PWD/edk2-platforms/
-
Set up the WORKSPACE:
$ export WORKSPACE = $PWD
-
Set up the build environment:
$ . edk2/edksetup.sh
-
Build BaseTools (ensure the python tools are installed):
$ make -C edk2/BaseTools
-
Compile the UEFI bootloader by entering the following command:
$ build -a AARCH64 -p Platform/Intel/Stratix10/Stratix10SoCPkg.dsc -t GCC48 -b DEBUG -y report.log -j build.log -Y PCD -Y LIBRARY -Y FLASH -Y DEPEX -Y BUILD_FLAGS -Y FIXED_ADDRESS
- Your terminal displays a "Build Done" message after the UEFI is successfully compiled.
3.3.5. UEFI Generated Files
Compiling the UEFI source code creates the following files in the /Build/Stratix10SoCPkg/RELEASE_GCC48 folder:
File | Description |
---|---|
INTELSTRATIX10_EFI.fd | This file is the UEFI bootloader to boot UEFI shell and enable ethernet feature or run a UEFI application |
3.3.6. Generating the FIP
FIP is the payload that ATF's BL2 loads into RAM and executed. The FIP contains the binary for BL31 and UEFI bootloader, and a container that BL2 recognizes.
$ export ARCH = ARM64
$ export CROSS_COMPILE= aarch64-linux-gnu-
$ cd <your arm-trusted-firmware source code directory>
$ make fip BL33= <your UEFI build workspace>/Build/Stratix10SoCPKG/\ DEBUG_GCC48/FV/INTELSTRATIX10_EFI.fd fip PLAT=stratix10
4. Running UEFI on Intel Stratix 10 Hardware
4.1. Running on a Physical Board with ATF and UEFI Bootloader
This section describes how to run the Secure Monitor on a physical board.
4.1.1. Generate a .sof file with ATF
- Get a .sof file from the $SOCEDS_DEST_ROOT installation directory.
-
Convert the binary file bl2.bin, generated in Building the ATF.
$ aarch64-linux-gnu-objcopy -I binary -O ihex - \ -change-addresses 0xffe00000 bl2.bin bl2.hex
-
Include the bootloader into the .sof file as follows:
$ quartus_pfg -c -o hps_path=bl2.hex \ ghrd_1sx280lu2f50e2vg.sof ghrd_1sx280lu2f50e2vg_hps.sof
4.1.2. Creating an SD Card Image
- Generate UEFI Bootloader and FIP as in Building the UEFI Boot Loader and Generating the FIP.
- Build Linux and root file system based on the instructions in Rocketboard.
-
Build the SD card image:
-
Get the make_image python script and make it
executable:
$ wget https://releases.rocketboards.org/release/2019.10/gsrd/tools/make_sdimage.py
$ chmod +x make_sdimage.py
-
Prepare the fat partition contents:
$ mkdir fat && cd fat
$ cp <your linux image folder>/linux-socfpga/arch/arm64/boot/Image
$ cp <your device tree folder>/linux-socfpga/arch/arm64/boot/dts/altera/socfpga_stratix10_socdk.dtb
-
Prepare the root file system partition contents:
$ mkdir rootfs && cd rootfs
$ tar xf <your rootfs directory>/gsrd-console-image-*.tar.xz
-
Create the SD card image:
$ sudo ./make_sdimage.py -f -P fip.bin,num=3,format=raw,size=10M, type=A2 -P rootfs/\ *,num=2,format=ext3,size=1500M -P Image,socfpga_stratix10_socdk.dtb,num=1,format=fat32,size=500M -s 2G -n sdimage.img
Note: If you already have an SD image with A2 partition, you can replace the FIP file with the command below:$ sudo dd if =arm-trusted-firmware/build/stratix10/release/fip.bin of=/dev/sdx3
-
Get the make_image python script and make it
executable:
4.1.3. Running the Secure Monitor
- Power up the board after the SD card is inserted.
-
Open Quartus programmer and program the board with the .sof file generated in Generating
a .sof File with ATF.
The board boots up from the ATF and automatically loads UEFI bootloader to boot UEFI shell.
4.1.4. Debugging with DS
This section describes how to load ATF and UEFI bootloader to the physical board through DS.
-
Ensure that you have installed DS. Launch eclipse using the following
command:
$ armds_ide &
-
Set up new debug connection:
Figure 2. Step Illustration
-
After configuration is complete, connect to the target.
Note: You must program the board with ghrd_1sx280lu2f50e2vg_hps_debug.sof before connecting to the target.
-
In the DS command console, you may load a debug script with the following
contents to download the ATF and UEFI bootloader to physical board.
# Load BL2 using debugger restore <path to ATF>/build/stratix10/debug/bl2.bin binary 0xffe00000 add-symbol-file <path to ATF>/build/stratix10/debug/bl2/bl2.elf # Initial State delete set $pc = 0xffe00000 # Skips watchdog hbreak watchdog_init continue wait 5s set $r0 = 0 set $pc = $lr # Skips image authentication # BL31 hbreak load_auth_image continue wait 5s set $r0 = 0 set $pc = $lr # BL33 (UEFI) continue wait 5s set $r0 = 0 set $pc = $lr # Load BL31 & BL33 using debugger # BL31_BASE = 0x1000 restore <path to ATF>/build/stratix10/debug/bl31.bin binary 0x1000 add-symbol-file <path to ATF>/build/stratix10/debug/bl31/bl31.elf # PLAT_NS_IMAGE_OFFSET = 0x10000000 restore <path to UEFI>/Build/Stratix10SoCPkg/DEBUG_GCC48/FV/INTELSTRATIX10_EFI.fd binary 0x10000000 continue
4.2. Booting Linux
This section shows you how to boot Linux after UEFI enters the UEFI shell.
4.2.1. Booting from the UEFI Shell
- Boot the board up to the UEFI shell, as described in Running the Secure Monitor.
-
Once the UEFI shell is loaded, enter the following command to boot
Linux:
$ Image dtb=socfpga_stratix10_socdk.dtb console=ttyS0,115200 root=/dev/mmcb
Note: Make sure Linux image and dtb is stored in the SD card.
5. Document Revision History for Intel Stratix 10 SoC UEFI Boot Loader User Guide
Document Version | Changes |
---|---|
2020.06.19 | Updated the following sections:
|
2019.03.28 |
|
2017.06.19 | Initial release. |